METHOD OF TRANSPARENT ENCRYPTION 
AND DECRYPTION FOR AN ELECTRONIC 
DOCUMENT MANAGEMENT SYSTEM 

NOTICE OF COPYRIGHTS AND TRADE 
DRESS 

A portion of the disclosure of this patent document 
contains material which is subject to copyright protection. 
This patent document may show and/or describe matter 
which is or may become trade dress of the owner. The 
copyright and trade dress owner has no objection to the 
facsimile reproduction by any one of the patent disclosure, 
as it appears in the Patent and Trademark Office patent files 
or records, but otherwise reserves all copyright and trade 
dress rights whatsoever. 

BACKGROUND OF THE INVENTION 

1. Field of the Invention 

The present invention relates generally to cryptographic 
systems and electronic document management systems. 

2. Description of Related Art 

Global access of electronic information can be critical for 
even the smallest of businesses today. Very few companies 
operate solely within the boundaries of a single location or 
their employee list. Over the last 25 years technology has 
rapidly advanced and expanded these boundaries. The 
advent of such technologies as the Internet, intranets, 
extranets, and e-mail has made the electronic transfer of 
information commonplace in businesses today. Manage- 
ment of business information is critical to the success of 
modern businesses. A technology known as Electronic 
Document Management (EDM) aims to provide organiza- 
tions with the ability to find any document, created in any 
application, by anyone, at any time, dealing with any 
subject, at any place in the world. EDM includes managing 
multiple versions of a document. PC DOCS, Inc. 
(Burlington, Mass.) is one of the world's leading providers 
of EDM solutions. With the advanced technology of EDM 
comes a wide variety of information that has varying eco- 
nomic values and privacy aspects. Users may not know what 
information is monitored or intercepted or who is using their 
computer. 

An electronic document management system (EDMS) is 
a combination of databases, indexes, and search engines 
utilized to store and retrieve electronic documents distrib- 
uted across an organization. An EDMS is designed to 
provide the structure required for an organization to properly 
manage and share its electronic document resources. 

A wide array of information is typically stored in a 
company's EDMS. This includes: 

strategic and corporate plans; 

proprietary product and service information; 

confidential legal documents; 

private health information; and 

private employment information. 

As companies increase the efficiency of accessing more 
information, their security risks also increase. According to 
a recent survey by Ernst & Young LLP: 

74% of the respondents said their security risks have 
increased over the prior two years; 

more than a quarter said that their security risks have 
increased at a faster rate than the growth of their com- 
puting; 

55% of the respondents lacked confidence that their 
computer systems could withstand an internal attack; 

71% of security professionals are not confident that their 
organizations are protected from external attack; and 

two-thirds of the respondents reported losses resulting 
from a security breach over the prior two years. 

The bottom line is simple — the more information 
available, the more security needed. 

It has been said that "There is no need to break the 
window of a house if the front door is unlocked." This 
saying certainly applies to computer security. The "unlocked 
doors" in electronic information security include: 

e-mail; 

electronic document management (including non-EDMS 
file systems); and 

stolen hardware. 

One of the fastest growing means of communication 
today is e-mail. It is estimated that over one million e-mail 
messages pass through the Internet every hour. E-mail 
provides a quick, economical, easy to use method of sharing 
both thoughts and electronic information. Unfortunately, 
e-mail is like an electronic postcard for the world to see. It 
is transmitted across the Internet using the Simple Mail 
Transfer Protocol (SMTP). This protocol has virtually no 
security features. Messages and files can be read by anyone 
who comes into contact with them. 

The number of documents managed by organizations 
increases daily. Knowledge is becoming the most important 
product for companies today. As EDM enhances a compa- 
ny's productivity and efficiency to manage that knowledge, 
it also exposes that company to unauthorized access to that 
knowledge. The typical EDMS solely relies on password 
protection for security. 

The value of the approximately 265,000 portable com- 
puters (laptops, notebooks, palmtops) reported stolen in 
1996 was $805 million, a 27% increase from 1995. 
However, the data on these portable computers is worth 
much more than the hardware itself. It is critical that the data 
stored on any type of hardware, whether it is a desktop 
computer, portable computer or server, must be properly 
secured from any unauthorized access. 

Some of the "locks" used for electronic information 
security include: 
passwords, 
firewalls, 
smart cards, and 
encryption. 

Passwords are often used to prevent unauthorized indi- 
viduals from accessing electronic data. Passwords may also 
be used to link activities that have occurred to a particular 
individual. The problem with passwords is that if any 
unauthorized party steals or guesses a password, the security 
of the computer system may be severely compromised. 
Passwords are wholly inadequate for file archiving. 

Systems using firewalls prevent intruders from accessing 
the firm's internal systems. Password-based firewall systems 
do not provide positive user identification nor do they 
protect electronic data that is stored on a server, has left the 
firm on a portable computer, is sent via e-mail over the 
Internet, or is stored on a floppy disk. 

The typical smart card is a self-contained, tamper 
resistant, credit card size device that serves as a storage 
device and is equipped with an integrated microprocessor 
chip and non-volatile electronic memory. The smart card 
processes information on the integrated microprocessor 
chip. Security is enhanced because the user must have the 
smart card along with the user's confidential information 
(e.g., a password) to gain access to their computer files. 
Passwords are kept off computer hosts and on the smart card 
to enhance security. Smart cards typically can only be 
accessed with a user-defined password. Many smart cards 
include a lock-out feature so that failed attempts at the smart 
card password will lock the card out to prevent any unau- 
thorized or fraudulent use of the smart card. ISO 7816 
compliant smart cards and smart card readers follow indus- 
try standards. 

Increasingly, information technology professionals are 
turning to encryption technologies to ensure the privacy of 
business information. Encryption can provide 
confidentiality, source authentication, and data integrity. 
Unfortunately encryption generally is cumbersome and dif- 
ficult to use. A major obstacle for the implementation of 
encryption technologies has been their disruption to the 
users' workflow. 

Encryption is a process of scrambling data utilizing a 
mathematical function called an encryption algorithm, and a 
key that affects the results of this mathematical function. 
Data, before becoming encrypted, is said to be "clear text." 
Encrypted data is said to be "cipher text." With most 
encryption algorithms, it is nearly impossible to convert 
cipher text back to clear text without knowledge of the 
encryption key used. The strength of the encrypted data is 
generally dependent upon the encryption algorithm and the 
size of the encryption key. 

There are two types of encryption: symmetric (private 
key) and asymmetric (public key). 

Private key encryption uses a common secret key for both 
encryption and decryption. Private key encryption is best 
suited to be used in trusted work groups. It is fast and 
efficient, and properly secures large files. The leading private 
key encryption is DES (Data Encryption Standard). DES 
was adopted as a federal standard in 1977. It has been 
extensively used and is considered to be strong encryption. 
Other types of private key encryption include: Triple-DES, 
IDEA, RC4, MD5, Blowfish and Triple Blowfish. 

Public key encryption uses a pair of keys, one public and 
one private. Each user has a personal key pair, and the user's 
public (or decryption) key is used by others to send 
encrypted messages to the user, while the private (or 
decryption) key is employed by the user to decrypt messages 
received. Public key encryption and key generation algo- 
rithms include the public domain Diffie-Hellman 
algorithm, the RSA algorithm invented by Rivest, Shamir 
and Adleman at the Massachusetts Institute of Technology 
(MIT), and the Pretty Good Privacy algorithm (PGP) devel- 
oped by Phil Zimmermann. Because of their mathematical 
structure, public key encryption is slower than most private 
key systems, thus making them less efficient for use in a 
trusted network or for encrypting large files. 

Although these private key and public key encryption 
algorithms do a good job at maintaining the confidentiality 
of the encrypted matter, they have numerous problems. The 
biggest obstacle to adoption of any type of encryption 
system has been ease of use. Typical encryption systems are 
very cumbersome. They require a user to interrupt their 
normal work flow, save their clear text document, activate 
the separate encryption software, and save the cipher text 
document under a different name. Where the subject docu- 
ment is ordinary e-mail contents, the process is especially 
cumbersome, because the clear text must first be created in 
a separate application, then encrypted, then attached to the 
e-mail message. 

A major concern in computing today is "total cost of 
ownership," or TCO. TCO recognizes that while a program 
might be inexpensive (or even free in the case of PGP for 
non-commercial use), there are significant costs in using the 
software. This includes the cost of installation, training, lost 
productivity during use and from bugs, and maintenance. 

Even where one of the typical encryption systems might 
satisfy a user's TCO needs, they may not even be an 
available option. For example, typical EDMSes are self- 
contained and are not compatible with typical encryption 
systems. 

It is therefore the object of the invention to provide a 
document encryption and decryption system which solves 
these problems. It is a further object to provide a document 
encryption and decryption system which works with mini- 
mal disruption of a user's normal workflow. It is a further 
object to provide a document encryption and decryption 
system which is compatible with EDMSes. It is a further 
object to provide a document encryption and decryption 
system which minimizes TCO. It is a further object to 
provide a document encryption and decryption system 
which takes advantage of the features of smart cards which 
are not available from pure on-line security systems. 

SUMMARY OF THE INVENTION 

The previously described objects are achieved in a 
method of encrypting documents and a method of decrypt- 
ing documents in which the cryptographic process is largely 
transparent to the user. 

In the encryption method, after a user issues a "close," 
"save" or "save as" command for a document, the command 
is translated into an event, and a crypto module traps the 
event. The crypto module then obtains an encryption key 
value and encrypts the document using the encryption key 
value. With the document encrypted, the crypto module 
passes control to an electronic document management sys- 
tem which executes the "close," "save" or "save as" com- 
mand. 

In the decryption method, after the user selects a docu- 
ment to be opened, an "open" command issues and is 
translated into an event. The crypto module traps the event, 
retrieves a decryption key value and decrypts the document 
using the decryption key value. The crypto module then 
passes control to the electronic document management sys- 
tem which executes the "open" command so that the docu- 
ment is opened in the appropriate application program. 

According to another aspect of the invention, an elec- 
tronic document management system distributed between a 
file server and a workstation is enhanced with transparent 
cryptography. The file server includes an access server 
comprising software for handling user authentication and 
file system access control for the file server. The workstation 
includes an access client comprising software for enabling a 
user to sign on to the file server and obtain access to the file 
system on the file server. There is also an EDM server in the 
file server comprising software for controlling an EDM 
database and EDM indexes to the EDM database, and an 
EDM client in the workstation comprising software for 
interfacing the workstation to the EDM server and thereby 
allowing access by a user at the workstation to the EDM 
database. A crypto server is also included in the electronic 
document management system of the invention, and the 
crypto server comprises software for intercepting I/O 
requests by the application and transparently handling 
encryption of the documents and decryption of encrypted 
documents. 

Still further objects and advantages attaching to the device 
and to its use and operation will be apparent to those skilled 
in the art from the following particular description. 




DESCRIPTION OF THE DRAWINGS 

Further objects of this invention, together with additional 
features contributing thereto and advantages accruing 
therefrom, will be apparent from the following description 
of a preferred embodiment of the present invention which is 
shown in the accompanying drawings with like reference 
numerals indicating corresponding parts throughout and 
which is to be read in conjunction with the following 
drawings, wherein: 

FIG. 1 is a block diagram of a computer network in 
accordance with the invention. 

FIG. 2 is a block diagram of a general purpose computer 
in accordance with the invention. 

FIG. 3 is a functional block diagram of a cryptographic 
system in accordance with the invention. 

FIG. 4 is a flowchart of an encryption process in accor- 
dance with the invention. 

FIG. 5 is a flowchart of a decryption process in accor- 
dance with the invention. 

These and additional embodiments of the invention may 
now be better understood by turning to the following 
detailed description wherein an illustrated embodiment is 
described. 

DETAILED DESCRIPTION OF THE 
INVENTION 

Throughout this description, the preferred embodiment 
and examples shown should be considered as exemplars, 
rather than limitations on the apparatus and methods of the 
present invention. 

FIG. 1 shows a local area network (LAN) 100. To network 
communication lines 160 are coupled a number of worksta- 
tions 150a, 150b, 150c, 150d. A number of file servers 120a, 
120b also are coupled to the network communication lines 
160. The network communications lines 160 may be wire, 
fiber, or wireless channels as known in the art. A user at any 
of the workstations 150 preferably may log on to at least one 
file server 120 as known in the art, and in some embodiments 
a workstation 150 may be logged on to multiple file servers 
120. One or more remote workstations 170 may be provided 
for dial-in access to the server 120a through the public 
switched telephone network 130 or other remote access 
means. Network printers 140a, 140b are also provided for 
printing documents. The network 100 may also include 
hubs, routers and other devices (not shown). 

FIG. 2 shows a general purpose computer 200 which is 
representative of the workstations 150 and file servers 120. 
The computer 200 preferably includes an Intel Corporation 
(San Jose, Calif.) processor 255 and runs a Microsoft 
Corporation (Redmond, Wash.) Windows operating system. 
In conjunction with the processor 255, the computer 200 has 
a short term memory 250 (preferably RAM) and a long term 
memory 280 (preferably a hard disk) as known in the art. 
The computer 200 further includes a LAN interface 215, a 
display 205, a display adapter 220, a keyboard 230, a mouse 
240, a smart card reader 260 and a bus 210 as known in the 
art. 

The smart card reader 260 preferably complies with ISO 
7816, a standard available from the American National 
Standards Institute (ANSI). To interface the smart card 
reader 260 to the computer's Windows operating system and 
other software, the computer 200 preferably includes an API 
provided by the smart card reader manufacturer. 
Alternatively, the computer 200 may include Microsoft's 
smart card API — SCard COM, available at 
www.microsoft.com/smartcard. 
A user's smart card 265 preferably stores a unique user ID 
and password and a definable hierarchy of encryption keys. 
The hierarchy preferably forms a table wherein a key name 
is associated with each key value in the table, and the table 
may store both encryption keys and decryption keys as 
necessary for the selected cryptographic algorithms. It 
should be appreciated that, in private key cryptography, the 
same key value is used for both encryption and decryption. 

Although something as simple as a user ID/password 
scheme could be used with the keys stored in the disk 280 
or memorized by the user, a data reader device and portable 
data storage device such as the smart card reader 260 and 
smart card 265 are preferred. Instead of the smart card reader 
260 and smart card 265, there could be provided, for 
example, a biometric recognition system, wireless identifi- 
cation devices, hand held tokens, etc. Preferably, the por- 
table data storage device can securely store one or more 
encryption and decryption keys. However, a biometric rec- 
ognition system may provide key selection based on inher- 
ent biometric features, eliminating the need to actually store 
keys in a component external to the computer 200. Where 
the portable data storage device is used solely as a source of 
positive identification (i.e., authentication), the keys may 
be stored on the file server 120, for example, and accessed 
through a certificate mechanism. 
Before proceeding, a few terms are defined. By "file 
server" it is meant a computer which controls access to file 
and disk resources on a network, and provides security and 
synchronization on the network through a network operating 
system. By "server" it is meant hardware or software which 
provides network services. By "workstation" it is meant a 
client computer which routes commands either to its local 
operating system or to a network interface adapter for 
processing and transmission on the network. By "client" it 
is meant software which is serviced by a server. A worksta- 
tion may function as a server by including appropriate 
software, and may be for example, a print server, archive 
server or communication server. By "software" it is meant 
one or more computer interpretable programs and/or mod- 
ules related and preferably integrated for performing a 
desired function. By "document" it is meant a named, 
structural unit of text, graphics and/or other data that can be 
stored, retrieved and exchanged among systems and users as 
a separate unit. 

Referring now to FIG. 3, there is shown a conceptual 
block diagram of several functional units relevant to the 
invention which operate within the file server 120 and 
workstation 150. The workstation 150 includes at least one 
application 350. The application 350 is a collection of 
software components used to perform specific types of 
user-oriented work and may be, for example, a graphic 
editor, a word processor or a spreadsheet. 

As is typical in the art, the workstation 150 obtains access 
to the file server 120 through a user ID and password system 
which extends to the file system on the file server 120. The 
file server has an access server 315 for handling the file 
server's user authentication and access control duties, and 
the workstation 150 includes an access client 310 through 
which a user signs on to the file server 120. In the preferred 
embodiment the access server 315 is a part of Windows NT 
Server, and the access client 310 is a part of Windows 95 and 
Windows NT Workstation. Other operating systems such as 
Unix and Novell Netware also include access servers and 
access clients for providing user authentication and file level 
security. 

Within the file server 120 there is preferably an EDM 
server 325. To interface with the EDM server 325, the 
workstation 150 includes an EDM client 320, sometimes 
referred to as an "EDM plug-in." The EDM server 325 
controls an EDM database 345 and EDM indexes (not 
shown), and preferably provides EDM search engines. The 
EDM database 345 itself may be distributed, for example 
across file systems and file servers, and may be entirely or 
partially in the workstation 150. The EDM server 325 may 
include a database server such as a SQL server for interfac- 
ing to the EDM database 345. The EDM client 320 provides 
the workstation with an interface to the EDM server and 
therefore allows access by a user at the workstation 150 to 
the EDM database 345, indexing and search services pro- 
vided by the EDM server 325. 

The EDMS of the preferred embodiment is SQL-based. 
Thus, the EDM database 345 comprises a SQL database, the 
EDM server 325 comprises a SQL server, and the EDM 
client 320 comprises a SQL plug-in. The SQL database 
stores file and file location information. A "repository," 
which could be considered part of the EDM database 345, 
stores the files, and is managed and distributed using tech- 
niques known in the art. In older EDM systems, the SQL 
plug-in comprises special software which adapted particular 
popular applications for use with the EDMS. However, with 
the promulgation of the Open Document Management 
Architecture (ODMA) specification, applications are avail- 
able which operate seamlessly with many contemporary 
EDM systems. Under ODMA, the EDM plug-in registers 
itself so that it handles file I/O. 

The EDM server 325, EDM database 345 and EDM client 
320 are described herein as wholly separate from the respec- 
tive operating systems of the file server 120 and workstation 
150. However, much if not all of the EDM server 325, EDM 
database 345 and EDM client 320 could be fully integrated 
into and even become a part of the respective operating 
systems. In such an embodiment, the EDMS is just another 
part of an operating system's general file and data manage- 
ment features. 

As can be seen, the access server 315 and the access client 
310 functionally reside between the EDM server 325 and the 
EDM client 320, thereby separating the EDM server 325 and 
EDM client 320 with a measure of security. This aspect of 
FIG. 3 is the typical prior art configuration, and it provides 
file-level security for documents in the EDM database 345 
controlled by the EDM server 325. 

Positioned functionally between the application 350 and 
the EDM client 310 is a crypto server 330. In typical prior 
art systems, the application 350 would communicate directly 
with the EDM client 310. However, in accordance with the 
invention, the crypto server 330 is functionally disposed 
between the application 350 and the EDM client 310, and 
intercepts or traps I/O requests by the application which 
otherwise would be intercepted or trapped by the EDM 
client 310. 

The crypto server 330 of the invention is a software 
module which transparently handles the encryption of docu- 
ments and the decryption of encrypted documents, making 
encryption and decryption simple and easy to use. The 
crypto server 330 handles encryption and decryption without 
requiring user input and without normally displaying status 
information during normal encryption and decryption opera- 
tions. Preferably, the user or a system administrator may 
establish a system-level configuration determinative of 
when error messages should be displayed. Preferably, also, 
the system administrator may create and maintain a file 
administration table in the EDM database 345 which defines 
criteria for which files are to be encrypted and which key to 
use. The crypto server 330 utilizes the file administration 
table, for example, to determine if a new file should be 
encrypted, and which encryption key to use to encrypt the 
new file. The crypto server 330 preferably utilizes and 
updates an encrypted files table in the EDM database 345 
which lists each encrypted file. 

The crypto server 330 may itself comprise a number of 
functional units. For example, the crypto server 330 prefer- 
ably includes interfaces to one or more cryptographic 
systems, such as those described in the Description of the 
Related Art section above. The crypto server 330 preferably 
also includes an interface to the smart card reader 260 (FIG. 
2) for reading the smart card 265. The smart card 265 
preferably is used to keep the encryption and decryption 
keys separate from the workstation 150 and provide positive 
user identification. The crypto server 330 also works with 
the access client 310 in performing user authentication and 
access. In particular, the typical prior art user access process 
is enhanced by requiring that the user enter a user ID and 
password which are stored on the user's smart card 265. 

Turning now to FIG. 4, there is shown a flowchart of the 
encryption process in accordance with the invention. After 
the process begins (step 405), it is preferred that the user 
submit to authentication by the access client 310 and access 
server 315 (step 410). The authentication step is preferably 
performed when the user signs onto the workstation 150. 
Preferably, the user must insert his smart card 265 into the 
smart card reader 260 and enter the user ID and password 
stored on the smart card 265. Once authenticated, the smart 
card 265 then makes available, as needed, the encryption 
and decryption key information stored therein. 

At some point after the user has been authenticated, the 
user will be working on a document in the application 350, 
and at some point issue a "close," "save" or "save as" 
command as known in the art (step 415). The command is 
then translated into an "event" (step 420), and the crypto 
server 330 traps this event (step 425). Techniques for trans- 
lating commands into events and trapping events are well 
known in the art and are typically different for each oper- 
ating system. In Windows, the event translation step com- 
prises generating an event message. 

The trapped event has the effect of alerting the crypto 
server 330 that it may be necessary to encrypt the document. 
However, preferably before encrypting the document, the 
crypto server 330 tests whether the document should be 
encrypted (step 430). Preferably, at least three different tests 
are performed. 

In the first test, the crypto server 330 tests whether the 
user has been authenticated. The first test is relatively 
simple. Where the smart card 265 or similar means is used 
for storing keys, this test is necessary because the keys will 
not even be available unless the user was authenticated. 

In the second test, the crypto server 330 tests whether the 
document was already encrypted when it was opened by the 
application 350. By default, a document which was already 
encrypted when opened should be encrypted when closed or 
saved. 

In the third test, the crypto server 330 tests whether the 
EDM database 345 has an indicator that the document 
should be encrypted. As described above, the EDM database 
345 includes a list of encrypted documents in an encrypted 
files table. The EDM database 345 preferably also includes 
criteria for new documents which indicate whether new 
documents, when the criteria are met, should be encrypted. 
The criteria are preferably stored in the file administration 
table described above. To perform the third test, the crypto 
server 330 passes a database query to the EDM client 320 to 
have the EDM server 325 query the EDM database 345. For 
existing files, the query is directed to the encrypted files 
table. For new files, the query is directed to the file admin- 
istration table. The EDM server 325 then passes the results 
of the test back to the EDM client 320, which provides the 
test results to the crypto server 330. 

If for any reason the document is not to be encrypted, then 
the crypto server 330 passes control to the EDM client 320 
which performs the "close," "save" or "save as" command 
on the unencrypted document. Alternatively, the decision not 
to encrypt, for one or more reasons, may result in an error 
message being displayed to the user, and may result in the 
document not being closed or saved. At this point, for 
documents which are not to be encrypted, the method is 
complete (step 445). 

If, in step 430, the document is to be encrypted, then the 
crypto server 330 preferably obtains an encryption key name 
which is associated with the document (step 450). 

The crypto server 330 then uses the encryption key name 
to retrieve an encryption key value which is associated with 
the encryption key name (step 455). For most encryption 
algorithms, the encryption key is a multi-digit number which 
is difficult to remember and even difficult to transcribe. The 
encryption key name is preferably an alphanumeric descrip- 
tor which may be used by the user and/or system adminis- 
trator for administering the encryption key value. Preferably, 
the encryption key value is also related to the identity of the 
user, and this is accomplished by retrieving the encryption 
key value from the key table stored in the smart card 265 
which is associated with the relevant encryption key name. 

Once the crypto server 330 has the encryption key value, 
the crypto server 330 then encrypts the document with the 
encryption key value (step 460), and passes control to the 
EDM client (step 435) so that the document may be saved 
(step 440). At this point, for documents which are to be 
encrypted, the method is complete (step 445). 

Turning now to FIG. 5, there is shown a flowchart of the 
decryption process in accordance with the invention. After 
the process begins (step 505), it is preferred that the user 
submit to authentication (step 510). Authentication (step 
505) preferably is the same for encryption and decryption. 

At some point after the user has been authenticated, the 
user will wish to open a document into the application 350 
(step 515). The file open command may be issued from 
within the application 350 or may be issued by a second 
application, with the nature of the document such that the 
application 350 will actually open the document and provide 
access to the document's contents. In any case, once the user 
selects a document to be opened, an "open" command is 
issued (step 517). The open command is then translated into 
an event (step 520), and the crypto server 330 traps this 
event (step 525). 

The trapped event has the effect of alerting the crypto 
server 330 that it may be necessary to decrypt the document. 
However, preferably before decrypting the document, the 
crypto server 330 tests whether the document should be 
decrypted (step 430). Preferably, these tests are complementary 
to those described above with respect to the encryption 
process. 

If for any reason the document is not to be decrypted, then 
the crypto server 330 passes control to the EDM client 320 
which performs the "open" command. Alternatively, the 
decision not to decrypt, for one or more reasons, may result 
in an error message being displayed to the user, and may 
result in the document not being opened. At this point, for 
documents which are not to be decrypted, the method is 
complete (step 545). 

If, in step 530, the document is to be decrypted, then the 
crypto server 330 preferably obtains a decryption key name 
which is associated with the document (step 550). The 
decryption key name is preferably obtained from the file's 
header or from the encrypted files table. 

The crypto server 330 then uses the decryption key name 
to retrieve a decryption key value which is associated with 
the decryption key name (step 555). Preferably, the decryp- 
tion key value, like the encryption key value, is also related 
to the identity of the user, and this is accomplished by 
retrieving the decryption key value from the key table stored 
in the smart card 265 and associated with the decryption key 
name. 

Once the crypto server 330 has the decryption key value, 
the crypto server 330 then decrypts the document with the 
decryption key value (step 560), and passes control to the 
EDM client (step 535) so that the decrypted copy of the 
document may be opened into the application (step 540). At 
this point, for documents which are to be decrypted, the 
method is complete (step 545). 
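The encrypt-on-save (FIG. 4) and decrypt-on-open (FIG. 5) flow described above, modelled as an added Python example that is not code from the patent or from PC DOCS: the crypto server traps the event, decides from an encrypted-files table whether the document is covered, carries the key name in the file header, and resolves the key value only through the key table on the presented smart card. The header layout, the table shapes and the HMAC-based stand-in cipher are assumptions of this example.

```python
import hashlib
import hmac
import os
MAGIC = b"EDMC"  # assumed header marker for an encrypted container

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in symmetric cipher (an assumption of this example, not the
    # patent's): HMAC-SHA256 counter-mode keystream XORed over the data.
    out = bytearray()
    for off in range(0, len(data), 32):
        ctr = nonce + (off // 32).to_bytes(4, "big")
        block = hmac.new(key, ctr, hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)

class SmartCard:
    # Assumed card contents: a key table (key name -> key value), so a key
    # value is only reachable through the card the user has presented.
    def __init__(self, key_table: dict):
        self.key_table = key_table

class CryptoServer:
    # encrypted_files models the EDM-side encrypted files table
    # (document id -> key name); documents absent from it pass through.
    def __init__(self, card: SmartCard, encrypted_files: dict):
        self.card = card
        self.encrypted_files = encrypted_files

    def on_event(self, event: str, doc_id: str, data: bytes) -> bytes:
        if event in ("close", "save", "save as"):   # FIG. 4 path
            return self.encrypt(doc_id, data)
        if event == "open":                         # FIG. 5 path
            return self.decrypt(data)
        raise ValueError("not an I/O event the crypto server traps")

    def key_for(self, key_name: str) -> bytes:
        key = self.card.key_table.get(key_name)     # steps 455 / 555
        if key is None:
            raise PermissionError(f"key '{key_name}' is not on this user's card")
        return key

    def encrypt(self, doc_id: str, data: bytes) -> bytes:
        key_name = self.encrypted_files.get(doc_id)  # step 450
        if key_name is None:                         # step 430: not to be encrypted
            return data
        nonce, name = os.urandom(8), key_name.encode()
        header = MAGIC + bytes([len(name)]) + name + nonce   # key name in file header
        return header + keystream_xor(self.key_for(key_name), nonce, data)

    def decrypt(self, data: bytes) -> bytes:
        if not data.startswith(MAGIC):               # step 530: plaintext, unchanged
            return data
        n = data[4]
        key_name, nonce = data[5:5 + n].decode(), data[5 + n:13 + n]
        return keystream_xor(self.key_for(key_name), nonce, data[13 + n:])
```

A user whose card lacks the named key gets a PermissionError at open time, which is the failure the user-bound key table is meant to produce.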

Although exemplary embodiments of the present inven- 
tion have been shown and described, it will be apparent to 
those having ordinary skill in the art that a number of 
changes, modifications, or alterations to the invention as 
described herein may be made, none of which depart from 
the spirit of the present invention. All such changes, modi- 
fications and alterations should therefore be seen as within 
the scope of the present invention. 
It is claimed: 

1. A method of encrypting an electronic document which 
is open in an application program running in a general 
purpose computer, the general purpose computer including 
a display, a user input device, a crypto module and a 
processor, the method comprising: 

(a) from within the application program running in the 
general purpose computer, a user issuing one of a 
"close," "save" or "save as" command for the docu- 
ment using the user input device; 

(b) automatically translating the command into an event; 

(c) the crypto module automatically trapping the event; 

(d) the crypto module automatically obtaining an encryp- 
tion key value; 

(e) the crypto module automatically encrypting the docu- 
ment using the encryption key value; 

(f) the crypto module automatically passing control to an 
electronic document management system; and 

(g) the electronic document management system execut- 
ing the issued "close," "save" or "save as" command; 

whereby the electronic document is automatically 
encrypted. 

2. A method of encrypting a document as set forth in claim 
1 wherein the electronic document management system 
comprises a SQL database, a SQL database server and a SQL 
database client, the SQL database client being disposed in 
the general purpose computer. 

3. A method of encrypting a document as set forth in claim 
1 where step (d) comprises the steps of the crypto module 
determining if the document should be encrypted, and if not, 
then skipping step (e), and if so, then; 

the crypto module retrieving an encryption key name 
associated with the document; and 
the crypto module retrieving the encryption key value 
associated with the encryption key name. 
4. A method of encrypting a document as set forth in claim 
3, wherein there are plural encryption key values and at least 
one encryption key value is associated with the user, the 
method further comprising the steps of: 

the user submitting to an access module for user authen- 
tication; 

if the access module does not authenticate the user, then 
always skipping steps (d) and (e); 

else in step (d), the crypto module retrieving the encryp- 
tion key value associated with the encryption key name 
and the user. 

5. A method of encrypting a document as set forth in claim 
4, the general purpose computer further comprising a data 
reader device for reading user identification and encryption 
key values from a portable data storage device, the method 
further comprising the user presenting the portable data 
storage device to the data reader device, wherein the access 
module utilizes information stored in the portable data 
storage device to authenticate the user, and the encryption 
key value associated with the user is stored in the portable 
data storage device. 

6. A method of encrypting a document as set forth in claim 
5, wherein the data reader device comprises a smart card 
reader and the portable data storage device comprises a 
smart card. 

7. A method of encrypting a document as set forth in claim 
5, wherein the data reader device comprises a biometric 
recognition system and the portable data storage device 
comprises the user, wherein the access module utilizes 
unique information about the user for authentication, and the 
encryption key value is derived from at least one character- 
istic of the user. 

8. A method of encrypting a document as set forth in claim 
1 wherein the electronic document management system 
comprises a database, the database including an indicator of 
whether the document should be encrypted, and step (c) 
further comprises, if the indicator in the database does not 
indicate that the document is to be encrypted, then skipping 
steps (d) and (e). 

9. A method of encrypting a document as set forth in claim 
8, wherein if the indicator in the database does not indicate 
that the document is to be encrypted, then also skipping 
steps (f) and (g). 

10. A method of encrypting a document as set forth in 
claim 1 wherein the general purpose computer comprises a 
workstation, and there is further provided a file server, 
wherein the crypto module comprises a crypto server on the 
workstation, the access module comprises an access server 
on the file server and an access client on the workstation, and 
the electronic document management system comprises an 
EDM database on the file server, an EDM server on the file 
server, and an EDM client on the workstation. 

11. A method of encrypting a document as set forth in 
claim 1 wherein the operating system includes at least part 
of the electronic document management system. 

12. A method of decrypting a document which is to be 
opened in an application program running in a general 
purpose computer, the general purpose computer including 
a display, user input device, a crypto module and a 
processor, the method comprising: 

(a) user selecting the document to be opened in the 
application program using the user input device; 

(b) an "open" command issuing for the document to be 
opened in the application program; 

(c) automatically translating the command into an event; 

(d) the crypto module automatically trapping the event; 
(e) the crypto module automatically retrieving a decryp- 
tion key value; 

(f) the crypto module automatically decrypting the docu- 
ment using the decryption key value; 

(g) the crypto module automatically passing control to an 
electronic document management system; and 

(h) the electronic document management system auto- 
matically executing the issued "open" command so that 
the document is opened in the application program; 

whereby the document is automatically decrypted. 

13. A method of decrypting a document as set forth in 
claim 12 wherein the electronic document management 
system comprises a SQL database, a SQL database server 
and a SQL database client, the SQL database client being 
disposed in the general purpose computer. 

14. A method of decrypting a document as set forth in 
claim 12 wherein step (e) comprises the crypto module 
determining if the document should be decrypted, and if not, 
then skipping step (f), and if so, then: 

the crypto module retrieving a decryption key name 
associated with the document; and 
the crypto module retrieving the decryption key value 
associated with the decryption key name. 

15. A method of decrypting a document as set forth in 
claim 14, wherein there are plural decryption key values and 
at least one decryption key value is associated with the user, 
the method further comprising the steps of: 

the user submitting to an access module for user authen- 
tication; 

if the access module does not authenticate the user, then 
always skipping steps (e) and (f); 

else in step (e), the crypto module retrieving the decryp- 
tion key value associated with the decryption key name 
and the user. 

16. A method of decrypting a document as set forth in 
claim 15, the general purpose computer further comprising 
a data reader device for reading user identification and 
decryption key values from a portable data storage device, 
the method further comprising the user presenting the por- 
table data storage device to the data reader device, wherein 
the access module utilizes information stored in the portable 
data storage device to authenticate the user, and the decryp- 
tion key value associated with the user is stored in the 
portable data storage device. 

17. A method of decrypting a document as set forth in 
claim 16, wherein the data reader device comprises a smart 
card reader and the portable data storage device comprises 
a smart card. 

18. A method of decrypting a document as set forth in 
claim 16, wherein the data reader device comprises a bio- 
metric recognition system and the portable data storage 
device comprises the user, wherein the access module uti- 
lizes unique information about the user for authentication, 
and the decryption key value is derived from at least one 
characteristic of the user. 

19. A method of decrypting a document as set forth in 
claim 12 wherein the electronic document management 
system comprises a database, the database including an 
indicator of whether the document should be decrypted, and 
step (d) further comprises, if the indicator in the database 
does not indicate that the document is to be decrypted, then 
skipping steps (e) and (f). 

20. A method of decrypting a document as set forth in 
claim 19, wherein if the indicator in the database does not 
indicate that the document is to be decrypted, then also 
skipping steps (g) and (h). 
21. A method of decrypting a document as set forth in 
claim 12 wherein the operating system includes at least a 
part of the electronic document management system. 

22. A method of decrypting a document as set forth in 
claim 12 wherein the general purpose computer comprises a 
workstation, and there is further provided a file server, 
wherein the crypto module comprises a crypto server on the 
workstation, the access module comprises an access server 
on the file server and an access client on the workstation, and 
the electronic document management system comprises an 
EDM database on the file server, an EDM server on the file 
server, and an EDM client on the workstation. 

23. An electronic document management system for stor- 
ing documents from an application in a workstation and 
retrieving documents from a file server to the application, 
the file server having a file system, the electronic document 
management system comprising: 

(a) an access server in the file server comprising software 
for handling user authentication and file system access 
control for the file server; 

(b) an access client in the workstation comprising soft- 
ware for enabling a user to sign on to the file server and 
obtain access to the file system on the file server; 

(c) an EDM server in the file server comprising software 
for controlling an EDM database and EDM indexes to 
the EDM database; 

(d) an EDM client in the workstation comprising software 
for interfacing the workstation to the EDM server and 
thereby allowing access by a user at the workstation to 
the EDM database; and 

(e) a crypto server comprising software for automatically 
intercepting I/O requests by the application and trans- 
parently handling encryption of the documents and 
decryption of encrypted documents; 

wherein the access server and access client are function- 
ally positioned between the EDM server and EDM 
client, and 

the crypto server is functionally positioned between the 
application and the EDM client. 

24. An electronic document management system as set 
forth in claim 23, wherein the crypto server software 
includes display commands, the display commands only for 
displaying error messages to the user. 

25. An electronic document management system as set 
forth in claim 23, wherein the crypto server includes inter- 
faces to plural cryptographic systems. 

26. An electronic document management system as set 
forth in claim 25, the cryptographic systems comprising at 
least one of RSA, DES, Triple-DES, Blowfish, Triple Blow- 
fish and IDEA. 

27. An electronic document management system as set 
forth in claim 23, the workstation further comprising a data 
reader device for reading user identification and key values 
from a portable data storage device, wherein the access 
client utilizes information stored in the portable data storage 
device to authenticate the user, and the crypto server obtains 
key values for encrypting and decrypting the documents 
from the portable data storage device via the data reader 
device. 

28. An electronic document management system as set 
forth in claim 27, wherein the data reader device comprises 
a smart card reader and the portable data storage device 
comprises a smart card. 

29. A program product for use in a general purpose 
computer that executes program steps recorded in a 
computer-readable media to perform a method of encrypting 
an electronic document which is open in an application 
program running in a general purpose computer, the general 
purpose computer including a display, a user input device 
and a processor, the program product comprising: 

a recordable media; and 

a program of computer-readable instructions executable 
by the computer system to perform method steps com- 
prising: 

(a) in response to a user issuing one of a "close," "save" 
or "save as" command for the document using the 
user input device from within the application pro- 
gram and the command being translated into an 
event, automatically trapping the event; 

(b) automatically obtaining an encryption key value; 

(c) automatically encrypting the document using the 
encryption key value; 

(d) automatically passing control to an electronic docu- 
ment management system; 

whereby the electronic document management system 
can then execute the issued "close," "save" or "save 
as" command and the electronic document is auto- 
matically encrypted. 

30. A program product for use in a general purpose 
computer that executes program steps recorded in a 
computer-readable media to perform a method of decrypting 
a document which is to be opened in an application program 
running in the general purpose computer, the general pur- 
pose computer including a display, user input device and a 
processor, the program product comprising: 

a recordable media; and 

a program of computer-readable instructions executable 
by the computer system to perform method steps com- 
prising: 

(a) in response to a user selecting the document to be 
opened in the application program using the user 
input device and an "open" command issuing for the 
document to be opened in the application program 
and the command being translated into an event, 
automatically trapping the event; 

(b) automatically retrieving a decryption key value; 

(c) automatically decrypting the document using the 
decryption key value; and 

(d) automatically passing control to an electronic docu- 
ment management system; 

whereby the electronic document management system 
can then execute the issued open command so that 
the document is opened in the application program 
and the document is automatically decrypted. 